AMENDMENTS TO THE CLAIMS

1. (currently amended) A method for creating a proof of possession
confirmation for inclusion by a certification authority into a digital certificate, the digital
certificate for use by an end user, the method comprising: 

receiving, from the certification authority in response to a certificate 
request by the end user, a plurality of data fields corresponding to a target host system, the 
identity of the end user, and a proof of identity possession by the end user; 

analyzing the content of said plurality of data fields;

verifying the accuracy of said plurality of data fields; and 

if said plurality of data fields is verified as accurate, sending a signed 
object to the certification authority, said signed object comprising the proof of possession 

confirmation [illegible]

2. (original) The method of claim 1, wherein said plurality of data fields
further comprises:

a host name; 

a subject identification; 

a subject public key information; and 

a sealed proof of possession.

3. (original) The method of claim 2, wherein analyzing the content of said 

plurality of data fields further comprises:

decrypting a proof of possession structure from said sealed proof of
possession;

extracting a password from said sealed proof of possession structure;
extracting a key identifier from said proof of possession structure; and 
calculating a correct key identifier from said subject public key 

information. 
4. (original) The method of claim 3, wherein the accuracy of said plurality of

data fields is verified if: 

said host name is matched with an identity of said target host system; 
said extracted password is validated as a valid password for the end user; 

and 

said extracted key identifier is matched with said correct key identifier
calculated from said subject public key information.

5. (original) The method of claim 3, wherein said extracted password and said 
extracted key identifier are initially symmetrically encrypted.

6. (original) The method of claim 3, wherein said extracted password and 
said extracted key identifier are initially asymmetrically encrypted.

7. (original) The method of claim 1, wherein:

said plurality of data fields includes a password; and 
said signed object does not include said password.

8. (currently amended) A storage medium encoded with a machine readable 
computer program code for creating a proof of possession confirmation for inclusion by a 
certification authority into a digital certificate, the digital certificate for use by an end 
user, the storage medium including instructions for causing a computer to implement a 
method, the method comprising: 

receiving, from the certification authority in response to a certificate 
request by the end user, a plurality of data fields corresponding to a target host system, the
identity of the end user, and a proof of identity possession by the end user; 

analyzing the content of said plurality of data fields;

verifying the accuracy of said plurality of data fields; and

if said plurality of data fields is verified as accurate, sending a signed
object to the certification authority, said signed object comprising the proof of possession
confirmation [illegible]

9. (original) The storage medium of claim 8, wherein said plurality of data

fields further comprises: 

a host name; 

a subject identification;

a subject public key information; and 

a sealed proof of possession.

10. (original) The storage medium of claim 9, wherein analyzing the content 
of said plurality of data fields further comprises:

decrypting a proof of possession structure from said sealed proof of

possession;

extracting a password from said sealed proof of possession structure;
extracting a key identifier from said proof of possession structure; and
calculating a correct key identifier from said subject public key

information. 

11. (original) The storage medium of claim 10, wherein the accuracy of said
plurality of data fields is verified if:

said host name is matched with an identity of said target host system; 
said extracted password is validated as a valid password for the end user; 

and 

said extracted key identifier is matched with said correct key identifier 
calculated from said subject public key information. 
12. (original) The storage medium of claim 10, wherein said extracted
password and said extracted key identifier are initially symmetrically encrypted.

13. (original) The storage medium of claim 10, wherein said extracted
password and said extracted key identifier are initially asymmetrically encrypted. 

14. (original) The storage medium of claim 8, wherein: 

said plurality of data fields includes a password; and 
said signed object does not include said password. 



15. (currently amended) A computer data signal [illegible]
for creating a proof of possession confirmation for inclusion by a certification authority
into a digital certificate, the digital certificate for use by an end user, the computer data
signal comprising code configured to cause a processor to implement a method, the

method comprising: 

receiving, from the certification authority in response to a certificate 
request by the end user, a plurality of data fields corresponding to a target host system, the
identity of the end user, and a proof of identity possession by the end user; 

analyzing the content of said plurality of data fields; 

verifying the accuracy of said plurality of data fields; and 

if said plurality of data fields is verified as accurate, sending a signed 
object to the certification authority, said signed object comprising the proof of possession 

confirmation [illegible]

16. (original) The computer data signal of claim 15, wherein said plurality of
data fields further comprises: 
a host name; 
a subject identification; 
a subject public key information; and
a sealed proof of possession.

17. (original) The computer data signal of claim 16, wherein analyzing the
content of said plurality of data fields further comprises:

decrypting a proof of possession structure from said sealed proof of

possession; 

extracting a password from said sealed proof of possession structure; 
extracting a key identifier from said proof of possession structure; and
calculating a correct key identifier from said subject public key

information. 

18. (original) The computer data signal of claim 17, wherein the accuracy of
said plurality of data fields is verified if: 

said host name is matched with an identity of said target host system; 
said extracted password is validated as a valid password for the end user; 

and 

said extracted key identifier is matched with said correct key identifier 
calculated from said subject public key information. 

19. (original) The computer data signal of claim 17, wherein said extracted
password and said extracted key identifier are initially symmetrically encrypted.

20. (original) The computer data signal of claim 17, wherein said extracted
password and said extracted key identifier are initially asymmetrically encrypted. 

21. (original) The computer data signal of claim 15, wherein: 

said plurality of data fields includes a password; and 
said signed object does not include said password. 
22. (new) The method of claim 2, wherein said sealed proof of possession is
verifiable for compatibility with at least one other of said plurality of data fields of said 
certificate request. 

23. (new) The storage medium of claim 9, wherein said sealed proof of 
possession is verifiable for compatibility with at least one other of said plurality of data 
fields of said certificate request. 

24. (new) The computer data signal of claim 16, wherein said sealed proof of
possession is verifiable for compatibility with at least one other of said plurality of data 
fields of said certificate request. 
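
The checks recited in claims 3, 4 and 7, sketched as an added example that is not part of the filed claims. It starts from an already-decrypted proof of possession structure and assumes a SHA-256 key identifier, a PBKDF2 password store and an HMAC standing in for the verifier's signature; all names and sample values are constructed.

```python
import hashlib
import hmac
import json

# All names and values below are constructed for illustration.
TARGET_HOST = "host1.example.test"
SIGNING_KEY = b"demo-verifier-key"  # assumption: HMAC stands in for a real signature
SALT = b"demo-salt"

def _pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Hypothetical password store keyed by subject identification.
USER_DB = {"alice": _pw_hash("correct horse battery")}

def key_identifier(spki: bytes) -> str:
    # Assumption: key identifier = SHA-256 over the subject public key information.
    return hashlib.sha256(spki).hexdigest()

def verify_and_sign(fields: dict, pop: dict):
    """fields: host_name, subject_id, spki (bytes) from the certificate request.
    pop: decrypted proof of possession structure with password and key_id.
    Returns the signed object, or None if any of the three checks fails."""
    stored = USER_DB.get(fields["subject_id"])
    candidate = _pw_hash(pop["password"])
    expected_kid = key_identifier(fields["spki"])
    checks = (
        # host name matches the identity of the target host system
        fields["host_name"].lower() == TARGET_HOST,
        # extracted password is valid for this end user (constant-time compare)
        stored is not None and hmac.compare_digest(stored, candidate),
        # extracted key identifier matches the one recalculated from the SPKI
        hmac.compare_digest(pop["key_id"].encode(), expected_kid.encode()),
    )
    if not all(checks):
        return None
    # The confirmation binds host, subject and key; the password is left out.
    confirmation = {
        "host_name": fields["host_name"].lower(),
        "subject_id": fields["subject_id"],
        "key_id": expected_kid,
    }
    payload = json.dumps(confirmation, sort_keys=True).encode()
    tag = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return {"confirmation": confirmation, "signature": tag}
```

Recomputing the key identifier from the submitted public key, rather than trusting the one inside the sealed structure, is what ties the password-authenticated request to the specific key being certified.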